FeddDownload: addpubkey.patch
File addpubkey.patch, 7.0 KB (added by , 15 years ago) |
addpubkey
RCS file: /usr/DETER/cvsroot/testbed/account/addpubkey.in,v retrieving revision 1.1.1.3 diff -u -r1.1.1.3 addpubkey.in
43 43 print " -w Generate new authkeys (protocol 1 and 2) file for user\n"; 44 44 print " -i Initialize mode; generate initial key for user\n"; 45 45 print " -r Force a regenerate of initial key for user\n"; 46 print " -R Remove key from user\n"; 47 print " -C Confirm key is assigned to user\n"; 46 48 exit(-1); 47 49 } 48 my $optlist = "dkniwfu:rX: ";50 my $optlist = "dkniwfu:rX:RC"; 49 51 my $iskey = 0; 50 52 my $verify = 0; 51 53 my $initmode = 0; … … 78 80 my $user_dbid; 79 81 my $user_uid; 80 82 my $debug = 0; 83 my $delete = 0; 84 my $confirm = 0; 81 85 82 86 # 83 87 # Testbed Support libraries … … 90 94 # 91 95 # Function prototypes 92 96 # 93 sub ParseKey($); 97 sub CheckKey($); 98 sub AddKey($); 94 99 sub InitUser(); 95 100 sub GenerateKeyFile(); 96 101 sub ParseXmlArgs($$$$$$); … … 169 174 if (defined($options{"u"})) { 170 175 $user = $options{"u"}; 171 176 } 177 if (defined($options{"R"})) { 178 $delete = 1; 179 } 180 if (defined($options{"C"})) { 181 $confirm = 1; 182 } 172 183 if (defined($options{"X"})) { 173 184 $xmlfile = $options{"X"}; 174 185 … … 190 201 $ARGV[0] = $xmlargs{"keyfile"}; 191 202 } 192 203 204 if ( $delete && $confirm ) { 205 usage(); 206 } 207 193 208 if ($verify && $genmode) { 194 209 usage(); 195 210 } … … 313 328 AuditStart(0); 314 329 } 315 330 331 # The control flow is the same for add and delete. Pick the action and follow 332 # that flow. 333 my $action = undef; 334 335 if ($delete ) { $action = \&DeleteKey; } 336 elsif ($confirm) { $action = \&ConfirmKey; } 337 else { $action = \&AddKey; } 338 316 339 # 317 340 # Grab the first line of the file. Parse it to see if its in the 318 341 # format we like (openssh), either protocol 1 or 2. 319 342 # 320 if ( ParseKey($keyline)) {343 if (&$action($keyline)) { 321 344 exit 0; 322 345 } 323 346 # If the key was entered on the command line, then nothing more to do. 
… … 333 356 " Could not start ssh-keygen\n"); 334 357 } 335 358 $keyline = <KEYGEN>; 336 if (close(KEYGEN) && ParseKey($keyline)) {359 if (close(KEYGEN) && &$action($keyline)) { 337 360 exit 0; 338 361 } 339 362 exit 1; 340 363 341 sub ParseKey($) { 364 # Make sure the key is properly formatted. If so, return the key in a 365 # canonical format, the comment, and type as a list, otherwise return undef. 366 sub CheckKey($) { 342 367 my ($keyline) = @_; 368 my $comment; 369 my $type; 343 370 344 371 # Remove trailing newlines which screws the patterns below. 345 372 # First convert dos newlines since many people upload from windoze. 346 373 $keyline =~ s/\r/\n/g; 347 374 $keyline =~ s/\n//g; 348 375 349 # Enforce a reasonable length on the key.350 if (length($keyline) > 4096) {351 print "Key is too long!\n";352 print "Key: $keyline\n";353 return 0;354 }355 356 376 if ($keyline =~ /^(\d*\s\d*\s[0-9a-zA-Z]*) ([-\w\@\.\ ]*)\s*$/) { 357 377 # Protocol 1 358 378 $type = "ssh-rsa1"; … … 378 398 } 379 399 380 400 if (!defined($key)) { 401 return undef; 402 } 403 404 # 405 # Make up a comment field for the DB. 406 # 407 if (!defined($comment)) { 408 $comment = "$type-${user_email}"; 409 } 410 $key = "$key $comment"; 411 return ($key, $comment, $type); 412 } 413 414 415 sub ConfirmKey($) { 416 my ($keyline) = @_; 417 418 # Enforce a reasonable length on the key. 419 if (length($keyline) > 4096) { 420 print "Key is too long!\n"; 421 print "Key: $keyline\n"; 422 return 0; 423 } 424 425 my ($key, $comment, $type) = CheckKey($keyline); 426 427 if (!$key) { 381 428 print "Key cannot be parsed!\n"; 382 429 print "Key: $keyline\n"; 383 430 return 0; 384 431 } 432 433 # Do not enter into DB if in verify mode. 434 if ($verify && $key ) { 435 print "Key was good: $type\n"; 436 return 1; 437 } 438 439 my $sth = DBQueryFatal("select uid from user_pubkeys " . 
440 "where uid='$user_uid' and pubkey='$key'"); 441 442 my $chunked = ""; 443 444 while (length($key)) { 445 $chunked .= substr($key, 0, 65, ""); 446 if (length($key)) { 447 $chunked .= "\n"; 448 } 449 } 450 if ($sth->rows() == 1) { 451 print "SSH Public Key for '$user' confirmed:\n"; 452 print "$chunked\n"; 453 return 1; 454 } 455 else { 456 print "SSH Public Key for '$user' not present:\n"; 457 print "$chunked\n"; 458 return 0; 459 } 460 } 461 462 463 sub AddKey($) { 464 my ($keyline) = @_; 465 466 # Enforce a reasonable length on the key. 467 if (length($keyline) > 4096) { 468 print "Key is too long!\n"; 469 print "Key: $keyline\n"; 470 return 0; 471 } 472 473 my ($key, $comment, $type) = CheckKey($keyline); 385 474 475 if (!$key) { 476 print "Key cannot be parsed!\n"; 477 print "Key: $keyline\n"; 478 return 0; 479 } 480 386 481 # Do not enter into DB if in verify mode. 387 if ($verify ) {482 if ($verify && $key ) { 388 483 print "Key was good: $type\n"; 389 484 return 1; 390 485 } 391 486 392 # 393 # Make up a comment field for the DB. 394 # 395 if (!defined($comment)) { 396 $comment = "$type-${user_email}"; 487 488 # If the key is already present, just report success. 489 if (!ConfirmKey($keyline)) { 490 DBQueryFatal("replace into user_pubkeys ". 491 "values ('$user_uid', '$user_dbid', ". 492 " 0, '$key', now(), '$comment')"); 493 494 # 495 # Mark user record as modified so nodes are updated. 496 # 497 TBNodeUpdateAccountsByUID($user_uid); 498 499 my $chunked = ""; 500 501 while (length($key)) { 502 $chunked .= substr($key, 0, 65, ""); 503 if (length($key)) { 504 $chunked .= "\n"; 505 } 506 } 507 print "SSH Public Key for '$user' added:\n"; 508 print "$chunked\n"; 509 510 # Generate new auth keys file. 511 if ($genmode) { 512 GenerateKeyFile(); 513 } 514 515 if (! $noemail) { 516 SENDMAIL("$user_name <$user_email>", 517 "SSH Public Key for '$user_uid' Added", 518 "SSH Public Key for '$user_uid' added:\n". 519 "\n". 
520 "$chunked\n", 521 "$TBOPS"); 522 } 523 } 524 return 1; 525 } 526 527 sub DeleteKey($) { 528 my ($keyline) = @_; 529 530 # Enforce a reasonable length on the key. 531 if (length($keyline) > 4096) { 532 print "Key is too long!\n"; 533 print "Key: $keyline\n"; 534 return 0; 535 } 536 537 my ($key, $comment, $type) = CheckKey($keyline); 538 539 if (!$key) { 540 print "Key cannot be parsed!\n"; 541 print "Key: $keyline\n"; 542 return 0; 543 } 544 545 # Do not enter into DB if in verify mode. 546 if ($verify && $key ) { 547 print "Key was good: $type\n"; 548 return 1; 397 549 } 398 $key = "$key $comment";399 550 400 DBQueryFatal(" replace intouser_pubkeys ".401 " values ('$user_uid', '$user_dbid',".402 " 0, '$key', now(), '$comment')");551 DBQueryFatal("delete from user_pubkeys ". 552 "where uid='$user_uid' and uid_idx='$user_dbid' and ". 553 "pubkey='$key'"); 403 554 404 555 # 405 556 # Mark user record as modified so nodes are updated. … … 414 565 $chunked .= "\n"; 415 566 } 416 567 } 417 print "SSH Public Key for '$user' added:\n";568 print "SSH Public Key for '$user' deleted:\n"; 418 569 print "$chunked\n"; 419 570 420 571 # Generate new auth keys file. … … 424 575 425 576 if (! $noemail) { 426 577 SENDMAIL("$user_name <$user_email>", 427 "SSH Public Key for '$user_uid' Added",428 "SSH Public Key for '$user_uid' added:\n".578 "SSH Public Key for '$user_uid' removed", 579 "SSH Public Key for '$user_uid' removed:\n". 429 580 "\n". 430 581 "$chunked\n", 431 582 "$TBOPS");
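Review bot: DeleteKey prints "deleted" and sends the "removed" mail without checking that the `delete from user_pubkeys` statement matched a row, so a revocation that removes nothing is still reported as successful. The match is on the whole `pubkey` string, which CheckKey builds as `"$key $comment"` (with a comment made up from `$user_email` when the key line has none), so the same key material submitted with a different comment leaves the stored key in the table. ConfirmKey already shows that DBQueryFatal returns a handle with `rows()`; keep the handle here, `my $sth = DBQueryFatal("delete from user_pubkeys ...");`, then print a "not present" message and `return 0 if ($sth->rows() == 0);` before the account update and the mail. The lines between the query and the print are elided on this page, so confirm that no such check already sits there. Separately, the new select and delete interpolate `$key` into the SQL text and rely entirely on CheckKey's patterns, only one of which is visible here, to keep quote characters out; quoting the value where the query is built would not depend on that.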